Q1. HOTSPOT - (Topic 3)
You have a DNS server named Server1. Server1 runs Windows Server 2012 R2.
The network ID is 10.1.1.0/24.
An administrator creates several reverse lookup zones.
You need to identify which reverse lookup zone is configured correctly.
Which zone should you identify?
To answer, select the appropriate zone in the answer area.
Answer:
Q2. - (Topic 3)
You work as an administrator at Contoso.com. The Contoso.com network consists of a single domain named Contoso.com. All servers in the Contoso.com domain, including domain controllers, have Windows Server 2012 R2 installed.
Contoso.com has a Hyper-V server, named ENSUREPASS-SR13, which hosts multiple virtual machines.
You have enabled the use of Single-root I/O virtualization.
Which of the following is TRUE with regard to using Single-root I/O virtualization? (Choose all that apply.)
A. It maximizes network throughput, while minimizing network latency.
B. It maximizes network throughput, as well as network latency.
C. It avoids the virtual switch stack and allows the virtual machine direct access to the actual network switch.
D. It prevents the virtual machine from accessing the network switch directly.
Answer: A,C
Explanation:
SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack. Because the VF is assigned to a child partition, the network traffic flows directly between the VF and the child partition. As a result, the I/O overhead in the software emulation layer is diminished, and network performance is nearly the same as in nonvirtualized environments.
Q3. - (Topic 2)
You have two servers named Server1 and Server2 that run Windows Server 2012 R2. Server1 and Server2 are part of a workgroup.
On Server1, you add Server2 to Server Manager.
When you attempt to connect to Server2 from Server Manager, you receive the following error message: "Credentials not valid."
You need to ensure that you can manage Server2 from Server1 by using Server Manager on Server1.
What should you do?
A. On Server2, run the Configure-SmRemoting cmdlet.
B. On Server1, run the Set-NetFirewallRule cmdlet.
C. On Server1, run the Set-Item cmdlet.
D. On Server 2, install the Remote Server Administration Tools (RSAT).
Answer: C
Explanation:
Because both servers are workgroup members, Server2 must be added to Server1 as a trusted host.
Q4. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The network contains a domain controller named DC1 that has the DNS Server server role installed. DC1 has a standard primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their records to the contoso.com zone.
What should you do first?
A. Sign the contoso.com zone.
B. Modify the Security settings of DC1.
C. Modify the Security settings of the contoso.com zone.
D. Store the contoso.com zone in Active Directory.
Answer: D
Explanation:
Only authenticated users can create records when the zone is stored in AD.
Secure dynamic updates allow an administrator to control which computers update which names and prevent unauthorized computers from overwriting existing names in DNS.
References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 6: Network Administration, Lesson 2: Implementing DNSSEC, p. 237
http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755193.aspx
Q5. - (Topic 3)
Your infrastructure is divided into 2 sites. You have a forest root domain and a child domain. There is only one DC in site 2, and it holds no FSMO roles. The link to site 2 goes down and no users can log on. Which FSMO roles do you need to restore access?
A. Infrastructure master
B. RID master
C. Domain Naming master
D. PDC Emulator
Answer: D
Explanation:
D. The PDC emulator is used as a reference DC to double-check incorrect passwords, and it also receives new password changes. PDC Emulator is the most complicated and least understood role, because it runs a diverse range of critical tasks. It is a domain-specific role, so it exists in the forest root domain and in every child domain. Password changes and account lockouts are immediately processed at the PDC Emulator for a domain, to ensure such changes do not prevent a user logging on as a result of multi-master replication delays, such as across Active Directory sites.
Q6. - (Topic 3)
Your network contains an Active Directory forest that contains two domains. The forest contains five domain controllers. The domain controllers are configured as shown in the following table.
You need to configure DC5 as a global catalog server. Which tool should you use?
A. Active Directory Domains and Trusts
B. Active Directory Users and Computers
C. Active Directory Administrative Center
D. Active Directory Sites and Services
Answer: D
Explanation:
If you have more than one domain in your forest and you have a significant user population in a site, you can optimize the speed and efficiency of domain logons and directory searches by adding a global catalog server to the site. If you have a single-domain forest, global catalog servers are not required for logons, but directory searches are directed to the global catalog. In this case, you can enable the global catalog on all domain controllers for faster directory searches. You can use the same user interface (UI) in the Active Directory Sites and Services snap-in to add or remove the global catalog. Enabling the global catalog can cause additional replication traffic. However, global catalog removal occurs gradually in the background and does not affect replication or performance.
Membership in the Enterprise Admins group in the forest or the Domain Admins group in the forest root domain, or equivalent, is the minimum required to complete this procedure.
To add or remove the global catalog:
1. Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active Directory Sites and Services. To open Active Directory Sites and Services in Windows Server 2012, click Start, type dssite.msc.
2. In the console tree, click the server object to which you want to add the global catalog or from which you want to remove the global catalog. Where? Active Directory Sites and Services\Sites\SiteName\Servers
3. In the details pane, right-click NTDS Settings of the selected server object, and then click Properties.
4. Select the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.
Global catalog servers and sites: To optimize network performance in a multiple-site environment, consider adding global catalog servers in sites according to the needs in the sites for fast search responses and domain logons.
It is recommended to make all domain controllers global catalog servers if possible. In a single-site, multiple-domain environment, a single global catalog server is usually sufficient to cover common Active Directory queries and logons.
Q7. - (Topic 3)
Your network contains an Active Directory domain named contoso.com. The domain contains 500 servers that run Windows Server 2012 R2.
You have a written security policy that states the following:
Only required ports must be open on the servers.
All of the servers must have Windows Firewall enabled.
Client computers used by administrators must be allowed to access all of the ports on all of the servers.
Client computers used by the administrators must be authenticated before the client computers can access the servers.
You have a client computer named Computer1 that runs Windows 8.
... .
You need to ensure that you can use Computer1 to access all of the ports on all of the servers successfully. The solution must adhere to the security policy.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)
A. On Computer1, create a connection security rule.
B. On all of the servers, create an outbound rule and select the Allow the connection if it is secure option.
C. On all of the servers, create an inbound rule and select the Allow the connection if it is secure option.
D. On Computer1, create an inbound rule and select the Allow the connection if it is secure option.
E. On Computer1, create an outbound rule and select the Allow the connection if it is secure option.
F. On all of the servers, create a connection security rule.
Answer: A,C,F
Explanation:
Unlike firewall rules, which operate unilaterally, connection security rules require that both communicating computers have a policy with connection security rules or another compatible IPsec policy.
Traffic that matches a firewall rule that uses the Allow connection if it is secure setting bypasses Windows Firewall. The rule can filter the traffic by IP address, port, or protocol.
This method is supported on Windows Vista or Windows Server 2008.
References:
http://technet.microsoft.com/en-us/library/cc772021.aspx
http://technet.microsoft.com/en-us/library/cc753463.aspx
Q8. - (Topic 2)
Your network contains a Hyper-V host named Server1 that runs Windows Server 2012 R2.
Server1 hosts a virtual machine named VM1 that runs Windows Server 2012 R2.
You create a checkpoint of VM1, and then you install an application on VM1. You verify that the application runs properly.
You need to ensure that the current state of VM1 is contained in a single virtual hard disk file.
The solution must minimize the amount of downtime on VM1.
What should you do?
A. From a command prompt, run dism.exe and specify the /delete-image parameter.
B. From a command prompt, run dism.exe and specify the /commit-image parameter.
C. From Hyper-V Manager, delete the checkpoint.
D. From Hyper-V Manager, inspect the virtual hard disk.
Answer: C
Q9. - (Topic 1)
Your network contains an Active Directory domain named adatum.com. The domain contains a member server named Host1. Host1 runs Windows Server 2012 R2 and has the Hyper-V server role installed.
Host1 hosts two virtual machines named VM5 and VM6. Both virtual machines connect to a virtual switch named Virtual1.
On VM5, you install a network monitoring application named Monitor1.
You need to capture all of the inbound and outbound traffic to VM6 by using Monitor1.
Which two commands should you run from Windows PowerShell? (Each correct answer presents part of the solution. Choose two.)
A. Get-VM "VM6" | Set-VMNetworkAdapter -IovWeight 1
B. Get-VM "VM5" | Set-VMNetworkAdapter -IovWeight 0
C. Get-VM "VM5" | Set-VMNetworkAdapter -PortMirroring Source
D. Get-VM "VM6" | Set-VMNetworkAdapter -AllowTeaming On
E. Get-VM "VM6" | Set-VMNetworkAdapter -PortMirroring Destination
F. Get-VM "VM5" | Set-VMNetworkAdapter -AllowTeaming On
Answer: C,E
Explanation:
-PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination. If set to Source, a copy of every network packet it sends or receives is forwarded to a virtual network adapter configured to receive the packets. If set to Destination, it receives copied packets from the source virtual network adapter.
In this scenario, VM5 is the destination which must receive a copy of the network packets from VM6, which is the source.
Reference: http://technet.microsoft.com/en-us/library/hh848457.aspx
Q10. - (Topic 3)
You run a server with Windows Server 2012 R2. What is the PowerShell command to set the preferred DNS server? Note: Other configuration, such as the IP address, should not be changed.
A. Register-DnsClient
B. Set-DnsClient
C. Set-DnsPreferredClientServerAddress
D. Set-DnsClientServerAddress
Answer: D